YPYogesh Peelainexploitnotes.hashnode.dev·Jun 16 · 9 min readHackTheBox - Snapped WriteupDifficulty: Medium OS: Linux Tags: nginx-ui CVE-2026-27944 backup-disclosure bcrypt snapd CVE-2026-3888 race-condition suid privilege-escalation Reconnaissance We begin with a standard nmap scan to 00
YPYogesh Peelainexploitnotes.hashnode.dev·Jun 11 · 10 min readHackTheBox - Abducted WriteupDifficulty: Medium Reconnaissance Nmap nmap -sC -sV -A <MACHINE-IP> -oA abducted PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH 9.6p1 Ubuntu 3ubuntu13.16 139/tcp open netbios-s00
JJebitokinsharonjebitok.com·Jun 4 · 37 min readMetasploit: Scanning and Exploitation (TryHackMe)Link to the Walkthrough/Challenge on TryHackMe: Metasploit: Scanning and Exploitation Introduction In the previous room, you learned how to navigate the Metasploit Framework: searching for modules, co00
JJebitokinsharonjebitok.com·Jun 2 · 22 min readCVE-2026-31431: Copy-Fail (TryHackMe) Link to the walkthrough in TryHackMe: CVE-2026-31431: Copy-Fail Introduction Most local privilege escalation exploits are fragile. They depend on precise kernel version offsets, require winning a race00
TTuannqinblogs.night-wolf.io·May 21 · 11 min readFrom Privilege Escalation to RCE in Wiki.jsI was poking around Wiki.js 2.5.312 one afternoon — as one does — when I found two vulnerabilities that chain together beautifully to turn a wiki moderator into a root shell. One report got accepted. 10
MBMouhamed Ben Abdallahinerinmin-writeups.hashnode.dev·May 12 · 8 min readUnprotected Admin FunctionalityPlatform: PortSwigger Web Security Academy Category: Access Control / Vertical Privilege Escalation Difficulty: Apprentice Tool(s): Browser only Date: 12/05/2026 Overview This lab demonstrates a ver00
APAmal PKinblog.amalpk.in·May 8 · 7 min readHackthebox Fluffy Walkthrough — Windows Seasonal BoxFluffy is a realistic Windows Active Directory (AD) machine on Hack The Box's Seasonal track that simulates a corporate environment with common misconfigurations and vulnerabilities often seen in real00
PKPrashantkumar Khatriinrootcause.hashnode.dev·May 6 · 8 min readWhy You Should Never Run Containers as RootTL;DR Root inside a container is UID 0 on the host kernel. The namespace hides the host filesystem, it does not hide your privileges. A container running as root with a volume mount can read and wri00
JJebitokinsharonjebitok.com·May 6 · 7 min readAnonforce Anonforce is a TryHackMe machine that focuses on FTP misconfiguration, PGP encryption, and password cracking. The box exposes an FTP server with anonymous login enabled, granting access to the entire 00
JJebitokinsharonjebitok.com·May 6 · 14 min read Cooctus Stories (TryHackMe)Cooctus Adventures is a TryHackMe challenge that follows the Overpass storyline, where an insider threat helped the Cooctus Clan compromise Overpass. The objective is to infiltrate their private serve00
